Friday, May 25, 2012

The Chronic Dev-Team has released Rocky Racoon 5.1.1, a package in Cydia that will untether your device if it is currently running a tethered jailbreak of iOS 5.1.1.

Rocky Racoon is the underlying untethered exploit that is installed by the popular jailbreak tools such as redsn0w and Absinthe. If you are running 5.1.1 and can reboot your device and have it still be jailbroken, you have Rocky Racoon.

If your device relies on Rocky Racoon for untethering, which includes any iPad 2, iPad 3, or iPhone 4S running 5.1.1, uninstalling this package will unjailbreak your device.

Step Five: The application will take you through several steps to jailbreak including: beginning jailbreak, sending initial jailbreak data, sending final jailbreak data, waiting for reboot, and waiting for the process to complete.

Step Six: You will be informed that the jailbreak is 'Done'.

Step Seven: In a few moments you will notice Cydia appear on your Springboard!

The 'dream team' of iOS hackers explains how the Corona jailbreak worked at HITBSecConf.

"GreenPois0n Absinthe was built upon @pod2g's Corona untether jailbreak to create the first public jailbreak for the iPhone 4S and iPad 2 for the 5.0.1 firmware. In this paper, we present a chain of multiple exploits to accomplish sandbox breakout, kernel unsigned code injection and execution that result in a fully-featured and untethered jailbreak.

Corona is an acronym for "racoon", which is the primary victim for this attack. A format string vulnerability was located in racoon's error handling routines, allowing the researchers to write arbitrary data to racoon's stack, one byte at a time, if they can control racoon's configuration file. Using this technique researchers were able to build a ROP payload on racoon's stack to mount a rogue HFS volume that injects code at the kernel level and patch its code-signing routines.

The original Corona untether exploit made use of the LimeRa1n bootrom exploit as an injection vector, to allow developers to disable ASLR and sandboxing, and call racoon with a custom configuration script. This however left it unusable for newer A5 devices like the iPad 2 and iPhone 4S, which weren't exploitable by LimeRa1n, so another injection vector was needed."
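The abstract above names a format string vulnerability in an error-handling routine as the root cause. The following C snippet is an added illustration of that bug class in its generic shape and is not racoon's code or the researchers' code; every function name in it is hypothetical. It places the vulnerable pattern (untrusted text forwarded in the format-string position) beside the hardened one (a constant format with the text passed as a `%s` argument), plus a small helper that counts conversion directives so a reviewer can see why text copied from a configuration file must never be treated as a format.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added illustration of the bug class the abstract names (a format string
 * vulnerability in an error-reporting routine). This is not racoon's code;
 * the function names are hypothetical. */

/* Count printf-style conversion directives in a string, treating "%%" as a
 * literal percent sign. Any non-zero count in text that will end up as a
 * format argument means the text will be interpreted, not printed: each
 * directive consumes a value the caller never passed, and "%n" writes one. */
int count_format_directives(const char *s)
{
    int n = 0;
    for (const char *p = s; *p != '\0'; p++) {
        if (*p != '%')
            continue;
        if (p[1] == '%') {      /* "%%": literal percent, skip the pair */
            p++;
            continue;
        }
        n++;
    }
    return n;
}

/* Vulnerable shape: a variadic error helper whose caller forwards
 * attacker-influenced text (for example a token copied out of a
 * configuration file) in the format position instead of as an argument. */
int log_error_unsafe(char *out, size_t outlen, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int r = vsnprintf(out, outlen, fmt, ap);
    va_end(ap);
    return r;
}

/* Hardened shape: the format string is a compile-time constant and the
 * untrusted text only ever travels as a "%s" argument, so its '%'
 * characters are copied verbatim rather than interpreted. */
int log_error_safe(char *out, size_t outlen, const char *msg)
{
    return snprintf(out, outlen, "parse error near '%s'", msg);
}

/* Side-by-side check on a harmless input: a message containing "%%" is
 * interpreted by the unsafe path (collapsed to a single '%') but preserved
 * by the safe one. Returns 1 when the unsafe path interpreted the message,
 * 0 when both paths reproduced it unchanged. */
int unsafe_path_interprets(const char *msg)
{
    char a[128], b[128];
    log_error_unsafe(a, sizeof a, msg);      /* msg lands in the format slot */
    log_error_safe(b, sizeof b, msg);
    return strstr(b, msg) != NULL && strstr(a, msg) == NULL;
}
```

The variadic wrapper hides the bug from the compiler; declaring it with `__attribute__((format(printf, 3, 4)))` and building with `-Wformat -Wformat-security` (GCC and Clang) makes the call site that passes a variable in the format position produce a warning, which is the cheapest detection for this class of defect in a code base.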

Monday, May 21, 2012

MuscleNerd from the iPhone Dev-Team has posted some details on the upcoming untethered jailbreak from pod2g.

● All info below is tentative and subject to last minute refinements

● @pod2g's 5.1.1 jailbreak+untether is working out great. All devices are covered except for AppleTV3,1, which currently has no path for jailbreaking.
- the initial 5.1.1 plan used a kernel exploit from @westbaer which unfortunately precluded use in iPod3,1 and iPhone2,1
- @planetbeing stepped up and provided a kernel exploit that covers both of those. Those two JBers are the bomb!

● The 5.1.1 A5 JB is very similar to the A5 5.0.1 JB. @pimskeks has done a tremendous job supporting both 5.0.1 and 5.1.1 in absinthe

● Similar to 5.0.1, there will also be a 5.1.1 CLI "cinject" binary and redsn0w version of the 5.1.1 JB+untether. Absinthe, cinject, and redsn0w will all provide the same JB in different fashions.
- timing is indeterminate. Plans are for this week, but a number of factors can influence that.

● For those wishing to donate, we've set up a new 5.1.1 paypal URL: https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=4U6DQGJ2NRVUN

● Please don't pirate AppStore apps (seriously, please do not).

The jailbreak is set for release very shortly. You can check out the video below and follow Limerain on Twitter at @limerain_com, on its Facebook page, or by RSS to be notified of the jailbreak's release.

Friday, May 11, 2012

These are instructions on how to downgrade the firmware of your iPhone 4s using RedSn0w for Mac.

In order to continue you will need to have SHSH Blobs saved for the lower firmware version you are downgrading to. You can use RedSn0w or TinyUmbrella to save your SHSH blobs. Also make sure you have performed a backup of your device using iTunes.

You may want to do this to downgrade from iOS 5.1.x to iOS 5.0.1 in order to jailbreak.

Step One: Create a folder called Pwnage on your desktop and download the following items into the folder.
- The latest version of RedSn0w
- The current iOS firmware (iOS 5.1.1)
- The older firmware you want to downgrade to (iOS 5.0.1)

Double click the RedSn0w archive to extract it.

Step Two: Launch the RedSn0w application from the extracted RedSn0w folder.

Step Three: Select Extras from the main menu.

Step Four: Choose Even More from the Extras menu.

Step Five: Select Restore from the Even More menu.

Step Six: Click the IPSW button.

Step Seven: Navigate to the Pwnage folder on your desktop, choose the firmware ipsw you would like to restore to, and click Open.

Step Eight: You will be informed that an additional IPSW is required. Make note of the ipsw file requested and click the OK button.

Step Nine: Select the additional ipsw specified in the previous step and click the Open button. (This will likely be the most current firmware ipsw.)

Step Ten: You will be warned that if you continue your baseband will be updated to the latest version. If you want the best chances of unlocking your phone in the future you should not continue. If you do not care about an unlock, click the YES button.

Step Eleven: You will now be informed that your device will be placed into recovery mode. Click the OK button.

Step Twelve: You must now select your blobs for the restore. You can choose to specify local blobs or remote blobs.

REMOTE BLOBS
- Choose this option if you previously saved your blobs with RedSn0w and they were stored on the Cydia server. This is the easiest option if it's available to you.

LOCAL BLOBS
- Choose this option if you previously saved your blobs with TinyUmbrella, or you used RedSn0w but did not let Cydia save a copy of your blobs.
- After clicking Local you will be prompted to select your saved blob file for the firmware you are downgrading to. If you used TinyUmbrella, simply press COMMAND+SHIFT+G, input ~/.shsh, and click Go to navigate to the folder with your saved SHSH blobs. Select the file that matches the ECID displayed in RedSn0w and the firmware version you are downgrading to, then click Open.

Step Thirteen: RedSn0w will now stitch your blobs to the firmware ipsw and automatically begin a restore to the modified firmware.

Step Fourteen: You will be informed that your restore has been successful! If you were downgrading to jailbreak, you can find jailbreak instructions here.
